Overview

Previous Next

The S4E MCP Server brings the full S4E security platform into your AI assistant. Built on the Model Context Protocol (MCP), it lets MCP-compatible clients — Cursor, Claude Desktop, Claude Code, VS Code, Windsurf, and others — interact with the S4E API in natural language.

Instead of switching to the S4E console or hand-writing API calls, you can simply ask your assistant:

"Start a full scan on example.com and tell me when the critical findings come in."

The assistant translates the request into the right S4E API calls through the MCP server and returns structured results back into your chat.

What You Can Do

With the S4E MCP server connected, your AI assistant can:

  • Manage assets — list, add, and verify domains, IPs, and CIDR ranges.
  • Run scans — launch Full, Light, Crawler, and single vulnerability scans.
  • Read findings — pull vulnerabilities, severity summaries, and security scores.
  • Track asset risk — retrieve detailed risk scores and historical trends per asset or tag.
  • Tune crawling — configure included/excluded URLs and custom headers.
  • Track posture — review scan history, open ports, and overall risk.
  • Check capabilities — answer "Can S4E scan for X?" against the live scan catalog.

See the Tools Reference for the full list and the Example Prompts page for ready-to-use requests.

How It Works

The S4E MCP server runs over HTTP (Streamable) transport. It sits between your AI client and the S4E API:

Cursor / Claude / VS Code               S4E
        │                                 ▲
        │  HTTP (Streamable)              │
        │  S4E-API-Token header           │
        ▼                                 │
   s4e-mcp server  ───────────────►  S4E API
   /mcp   /health                    (api.s4e.io)
  • The client connects to the server's /mcp endpoint.
  • The server stores no credentials. Every request must carry the user's own token in the S4E-API-Token header. A single server instance can therefore serve many users in parallel.
  • The server forwards each tool call to the appropriate S4E API endpoint and returns the result.

Token required

Each request needs a valid S4E Public API Token. Generate one from app.s4e.io/api-token. Never commit your token to a public repository or share it on screen.

Deployment Options

Mode When to use How
Hosted Easiest — point your client at the managed endpoint https://mcp.s4e.io/mcp
Self-hosted (Kubernetes) On-prem / enterprise deployments Helm chart on your own cluster

Next Steps

  1. Setup & Integration — connect Cursor, Claude Desktop, Claude Code, VS Code, or Windsurf.
  2. Tools Reference — see every capability the server exposes.
  3. Example Prompts — copy-paste prompts for common workflows.
Contributing Setup & Integration